A. Field of Invention
This invention relates to computer systems, and more specifically to an information sharing environment in a computer network. Portions of this patent document may contain material that is subject to copyright protection. The copyright owner has no objection to the facsimile reproduction by anyone of the patent document or the patent disclosure as it appears in the Patent and Trademark Office file or records, but otherwise reserves all copyright rights whatsoever.
Sun, Sun Microsystems, the Sun logo, Solaris, "Write Once, Run Anywhere", Java, JavaOS, JavaStation and all Java-based trademarks and logos are trademarks or registered trademarks of Sun Microsystems, Inc. in the United States and other countries. All SPARC trademarks are used under license and are trademarks of SPARC International, Inc. in the United States and other countries. Products bearing SPARC trademarks are based upon an architecture developed by Sun Microsystems, Inc.
B. Background Art
In computer networks, it is often desirable to share information or services available on one computer ("server") with other computers ("clients") on the network. One area of focus relates to sharing of information over a world wide network of computers known as the Internet or the World Wide Web (WWW). For example, a program (or application) running on a client computer may need to use information available on a remote network, via the Internet.
For security reasons, information communicated over the Internet is shared with trusted applications only. A trusted application is an application that can successfully secure a connection with a network server, after satisfying a series of checks and balances. Typically, an application's access is limited to information that is available on the network server with which it has established a direct communication link. However, sometimes, it is desirable for a client application to access information on a network computer other than the network communication server.
For example, referring to FIG. 1, an employee using his home computer 101 may establish a direct connection via the Internet with an office server 102. As a trusted user, the employee can use information available on server 102. However, for security reasons, he may not be able to use the information on other office computer (e.g., office computer 103) connected to the same network, unless he can successfully establish a direct connection with it. A method is needed to allow a user to securely access information on network computers to which it cannot not directly linked, via the Internet.
The problems involving secure and authorized access to networked computer resources via an Internet connection can be better understood from a review of a general description of network environment, including the Internet, network communication protocols, the Java.TM. programming language, and the prior art resource sharing schemes.
Networks
In modem computing environments, it is common to employ multiple computers or workstations linked together in a network to communicate between, and share data with, network users. A network can be a small system that is physically connected by cables or via wireless communication (a local area network or "LAN"). Alternatively, several separate networks can be connected together to form a larger network (a wide area network or "WAN"). Other types of networks include the Internet, telcom networks, intranets, extranets, wireless networks, and other networks over which electronic, digital and/or analog data may be communicated.
A network may include resources, such as printers, modems, file servers, etc., and may also provide services such as electronic mail and file sharing. These resources and services are, typically, provided to a plurality of users, or client applications that are authorized to access the network.
To access the resources on a network, a client application must successfully authenticate against a network server that acts as a gateway to resources available on that server. However, a client application is, typically, limited to information directly available on the network server. Thus, an application is unable to access the resources available on other network computers, unless it can directly authenticate against them.
The Internet
The Internet is a client/server system that includes a worldwide network of interconnected computers. A "client" is the computer that is used to access the Internet. An Internet client accesses a computer on the network ("server") via an Internet provider. An Internet provider is an organization that provides a client with access to the Internet (via analog telephone line or Integrated Services Digital Network line, for example). Typically, when a user logs onto the Internet or the World Wide Web (WWW), using a client computer, the user views "web pages" that are stored on a remote server. Information including data files, and the web pages are often shared and transferred between the client and the server.
A client may access the resources available on the Internet server, such as shared file systems or printers. Depending on the sensitivity of the resources and the security measures in place, a server evaluates certain information, such as identity of a client, its access rights, and file ownership issues prior to allowing the client to access its resources. One method for sharing resources may be more efficient than another method, depending on the manner the resources are shared.
The components of the Internet include browser software, network links, and servers. The browser software, or browser, is a user-friendly interface that simplifies access to the Internet. A browser allows a client to communicate a request without having to learn a complicated command syntax, for example. A browser typically provides a graphical user interface (GUI) for displaying information and receiving input. Examples of browsers currently available include Netscape Navigator and Internet Explorer.
A browser displays information to a client or user as pages or documents. A language called Hypertext Markup Language (HTML) is used to define the format for a page to be displayed in the browser. A Web page is transmitted to a client as an HTML document. The browser executing at the client parses the document and produces and displays a Web Page based on the information in the HTML document. Consequently, the HTML document defines the Web Page that is rendered at runtime on the browser.
In addition to displaying information, a browser can also retrieve applications or programs from a server to be executed on a client. Typically, an application that runs on a client computer can access the resources of the server that it was retrieved from. However, for security reasons, a client application is not allowed to access the resources of another computer attached to the server, unless it can directly authenticate against it. A method is needed to allow an application to indirectly access resources of computers other than the one it is retrieved from, via the Internet.
Network Communication/Data Transfer
Information servers maintain resources that may be shared through the Internet and are capable of processing a client request to access those resources. To share resources, computers on a network need to be able to communicate with one another. A set of standardized rules, referred to as a "protocol", is utilized to enable computers to communicate.
Communication protocols generally specify the data format, timing, sequencing, and error checking of data transmissions. As a communication network involves numerous layers of operation, various communication protocols are used in the networking environment, as further discussed below.
Transmission Control Protocol/Internet Protocol (TCP/IP)
One communication protocol is referred to as the transmission control protocol/internet protocol ("TCP/IP"). The TCP/IP communication protocol includes a set of communication protocols used on the Internet and on many multiplatform networks.
The TCP/IP protocol family is made up of numerous individual protocols (e.g., file transfer protocol ("FTP"), transmission control protocol ("TCP"), and network terminal protocol ("TELNET")). Using the TCP/IP protocol, information is transmitted in form of messages. The TCP protocol is responsible for breaking up a message into multiple segments, including the segments in packets of manageable size, reassembling the packets at the receiving end, resending any packets that get lost (i.e., are not delivered), and reordering the segments included in the packets in the appropriate format.
A "packet" is an encapsulated form of data or information (also referred to as a "datagram") that is transferred or passed across the Internet according to the communication protocol standards. A packet contains a source and destination address along with the information intended for transmission.
The TCP/IP protocol interfaces with the lower layer network infrastructure responsible for addressing and delivering packets. Other communication protocols such as HTTP/HTTPS, FTP, NFS, etc., provide an interface to higher layers (i.e., application layer) and are referred to as "high level" protocols. High level protocols, typically, define a set of rules for interfacing with network applications and the transmission of information between them. These higher level protocols utilize TCP/IP as the underlying means for communication of information.
To transfer information, a higher level protocol defines a set of commands that one machine sends to another (e.g., commands to specify who the sender of the message is, who it is being sent to, and the content of the message) encapsulated in a series of packets encoded according to the specifications of that communication protocol. Those packets, in turn, are broken up and encapsulated in TCP/IP packets. The packets are transferred across the network to another machine, where the packets are decoded so that the application running on the destination machine can process the information contained therein.
User Datagram Protocol (UDP)
Another transfer protocol that is utilized to control the transfer of information is the user datagram protocol ("UDP"). UDP is designed for applications and data transmissions where sequences of packets do not need to be reassembled at the receiving end. UDP does not keep track of what has been transmitted in order to resend a packet if necessary. Additionally, UDP's header information (information regarding the source and destination and other relevant information) is shorter than the header information utilized in TCP.
TCP and UDP differ in the manner in which they establish a communication link with a destination. To send a message the TCP protocol establishes a communication link between the parties. This link remains open for further transfer of information between the parties, until that link is closed (e.g., similar to a telephone communication). The UDP protocol, however, closes a communication link immediately after the message is sent or received (e.g., similar to a voice mail or a pager service).
Hyper Text Transfer Protocol (HTTP/HTTPS)
Hyper Text Transfer Protocol (HTTP) is an application protocol that is used for communication between an information server and a client browser on the Internet. In this application, HTTP and HTTPS are used interchangeably to refer to the Hyper Text Transfer Protocol and its counterpart HTTPS. HTTPS is the HTTP protocol that implements the Secured Socket Layer (SSL) mechanism that provides means for automated encryption/decryption of messages transported via the HTTP. HTTP has communication methods that identify operations to be performed by a network application (e.g., commands that allow clients to request data from a server and send information to the server).
For example, to submit an HTTP request generated by a client application, the client contacts the HTTP server and transmits the request to the HTTP server. The request contains the communication method requested for the transaction (e.g., GET an object from the server, POST data to an object on the server) and any necessary data. The HTTP server responds to the client by sending a status of the request and/or the requested information. The connection is then terminated between the client and the HTTP server.
A client request therefore, consists of establishing a connection between the client and the HTTP server, performing the request, and terminating the connection. The HTTP server does not maintain any state about the connection once it has been terminated. HTTP is, therefore, a stateless application protocol. That is, a client can make several requests of an HTTP server, but each individual request is treated independent of any other request. The server has no recollection of any previous request.
Internet Applications and Programming Environment
Although Internet applets or application can be developed and executed in any Internet programming environment, they have been described here, by way of example, in connection with the Java language and programming environment.
Java is an object-oriented programming language with each program comprising one or more object classes and interfaces. Unlike many programming languages in which a program is compiled into machine-dependent, executable program code, classes written in the Java programming language are compiled into machine independent bytecode class files. Each class contains code and data in a platform-independent format called the class file format. A bytecode includes a code that identifies an instruction (an opcode) and none or more operands to be used in executing the instruction. The computer system acting as the execution vehicle contains a program called a virtual machine, which is responsible for executing the code (i.e., bytecode) in Java programming language class files.
Client applications may be designed as standalone Java applications, or as Java "applets" which are identified by an applet tag in an HTML document, and loaded by a browser application. The class files associated with an application or applet may be stored on the local computing system, or on a server accessible over a network. Each Java programming language class file is loaded into the Java virtual machine, as needed, by the "class loader."
To provide a client with access to class files from a server on a network, a web server application is executed on the server to respond to HTTP requests containing URLs (Universal Resource Locators) to HTML documents, also referred to as "web pages." When a browser application executing on a client platform receives an HTML document (e.g., as a result of requesting an HTML document by forwarding a URL to the web server), the browser application parses the HTML and automatically initiates the download of the specified bytecode class files when it encounters an applet tag in the HTML document.
The classes of a Java applet are loaded on demand from the network (stored on a server), or from a local file system, when first referenced during the Java applet's execution. The virtual machine locates and loads each class file, parses the class file format, allocates memory for the class's various components, and links the class with other already loaded classes. This process makes the code in the class readily executable by the virtual machine. Native code, e.g., in the form of a dynamic linked library (DLL), is loaded when a Java programming language class file containing the associated native method is instantiated within the virtual machine.
A Java applet loaded from the network server is executed on the client's virtual machine. An applet has limited permission to access the resources available on the server and other network computers. In prior art schemes, this access is typically limited to the resources available on the server where the applet is loaded from. This is because an applet retrieved from a server has a trusted status with that server. A trusted applet is one that can directly connect to a server computer. However, due to security issues, such as firewalls and the limitations associated with the browser architecture, an applet cannot directly access information on other computers on the network by which it is not trusted.
FIG. 1 is a block diagram of a client/server system connected via the Internet. Client application 101 can be an application or applet downloaded from office server 102, via the Internet connection, onto a user's home computer. Typically, applications downloaded from a server are trusted by that server. Thus, client application 101 can access the resources available on office server 102.
It may be desirable for client application 101 to access the resources available on other computers on the office network, such as office computers 103, 104, or 105. However, client application 101 may not be entrusted by those network computers. As a result it cannot directly authenticate against those computers and hence cannot access information available thereon. Current methods do not provide for any means by which an application can access resources on a network computer, via the Internet, unless it can directly authenticate against it. A method is needed to allow an application, trusted to a first computer on a network, to indirectly communicate with other network computers, via the Internet.
The Network File System (NFS)
A distributed file system provides for the sharing of files and information located on computer systems geographically separated but functionally linked together in a communications network. The Network File System or NFS was developed by Sun Microsystems and an example of a distributed file system protocol that allows a computer on a network to use the files and peripherals of another networked computer (remote computer) as if they were local to that computer. NFS operates as a client server application. An NFS server is a computer that shares its resources with other computers (NFS clients) on the network, using the NFS service.
Using NFS, a resource (i.e., software) physically linked to a NFS server may be "NFS mounted." The resource that is "NFS mounted" is accessible to all NFS clients as if the software were stored locally at each client. This is accomplished by a system of tables (mount tables) identifying the mounted resource and the appropriate path names to the NFS server where the resources resides. The NFS system can also be used to locate a designated resource so that it can be accessed from a remote location.
The NFS system generated mount table is stored as a file on each server and client in the NFS network. The mount table consists of a list of entries. When a new resource is mounted, a new entry is generated in the table automatically and is used to locate the resource whenever a request for access to that resource is made by a client.
FIG. 2 is a block diagram illustrating the components of an NFS system and the interrelationship between those components. An NFS system includes application 210 running on NFS client 230, and NFS server 260 that provides access to file system 270 through network 250. Application 210 interfaces via input/output application programming interface (IO API) 220 with NFS client 230. An API is a software program that an application uses to request and carry out lower level services (e.g., initiating network communication) performed by a client computer's operating system.
Application 210 may need to access information stored on remote file system 270, accessible via NFS server 260. Using NFS, application 210 makes a request for a procedure to be performed, (e.g., a read or write request) as if it is making a local procedure call. A local procedure call includes pointers to the locations where data to be processed is stored and is typically in binary format.
While application 210 is waiting for a response to its request, NFS client 230 encodes the contents of the local request into a remote-procedure-call (RPC). An RPC is a message that contains the contents of the local request in converted form, so that it is transferable via communication link 240. A local request is transformed into a RPC request, after it is converted from binary form into network byte format. Each RPC request may need to be broken into multiple packets and embedded in lower level protocols before it is transferred over communication link 240 via the TCP/IP or UDP protocols. Communication link 240 may be established via electrical, electromagnetic or optical signals which carry digital data.
Once NFS server 260 receives a RPC request from NFS client 230, the request is decoded and processed as a local file system operation. The result generated by NFS server 260 is encoded and returned to NFS client 230, where it is further processed and delivered to application 210, as though the result were being returned from a local procedure call.
A user may utilize NFS to obtain information about or modify attributes of a file stored in a remote file system. For example, a user may look up a file name stored at a remote location, and may create, delete, read from and/or write to a file, as if it is managing a file stored at the local computer system. Each file accessed on the remote server is identified by a unique file handle. A file handle is the token by which NFS clients refer to files on an NFS server. Handles are globally unique and are passed in operations, such as read and write, that reference a file. A file handle is created by the NFS server when a request referencing a file is made by an NFS client.
The NFS protocol is stateless, meaning that NFS server does not maintain information about the clients it is serving or about the files that are currently accessed by the clients. Thus, each submitted request by an NFS client to an NFS server must be self-contained (i.e., each request must include all information, such as the file name, file location, and permissions, necessary to access a file). For a detailed study of the Network File System please refer to "The Design and Implementation of the 4.4 BSD Operating System" by Marshall K. McKusick, Addison-Wesley Publishing Company, Inc., (1996), incorporated by reference herein.
WebNFS
A distributed file system may be implemented for sharing files and information located on computer systems functionally linked together via the Internet. Web Network File System or WebNFS, also developed by Sun Microsystems, allows a computer to use the files and peripherals of another computer, using the Internet as the means of communication.
FIG. 3 is a block diagram of a WebNFS system illustrating the components of the system and the manner they interact. It includes application 310, NFS client 330, NFS server 360, and file system 370 in network 350. Application 310 interfaces via IO API 320 with NFS client 330. Application 310 can request access to information stored on remote file system 370, by identifying the uniform resource locator (URL) designation for that resource on the NFS server 360.
WebNFS is a Java implementation of an NFS client. Thus, it is machine independent. NFS client 330, acting as the execution vehicle for WebNFS program code, utilizes Java virtual machine 335. The advantage of Java virtual machine 335 is that it can provide an execution environment for the WebNFS program to run on any platform (i.e. UNIX, personal computers, mainframes, etc.).
Using WebNFS, NFS client 330 makes a request for a procedure to be performed as if it is making a local procedure call. The request is converted into an RPC request by NFS client 330. RPC request is sent embedded in the underlying communication protocols TCP/IP or UDP packets to NFS server 360 via communication link 340. NFS client 330 is responsible for converting IO requests to TCP/IP or UDP packets that are understandable by NFS server 360.
The WebNFS program is executed on NFS server 360 to respond to the RPC requests submitted by NFS client 330. When an NFS request is made, NFS server 360 finds the file for which the request was made and verifies whether requesting application 310 has permission to access file system 370. If permission is granted, NFS server 360 returns a file handle to NFS client 330 through communication link 340, so that the client can access file system 370. In this manner NFS server 360 responds to requests received from NFS client 330, via the Internet.
An application retrieved from the network onto a NFS client can also send or receive information to or from designated resources on an NFS server. However, due to security issues, an application's access to resources on an Internet server is limited. For example, an application may be unable to retrieve information from a computer other than the one from which it was retrieved.
Digital Signature System
One security approach that allows applications or applets to access information on computers other than the one they have been retrieved from uses digital signatures or other forms of certification to confirm that an applet is a trusted applet. For example a digital signature or an authorization certificate from a trusted authority can be included in an applet for verification purposes. A server that the applet seeks to access can determine the authenticity of the applet by verifying the applet's digital signature using a public key/private key encryption technique.
There are disadvantages associated with this scheme. To support digitally signed applets, it is necessary for the client and the server to include the ability to verify the digital signature. For example, the parties to the communication need to have a certification infrastructure to validate an applet's signature. Further, inclusion of a signature mechanism in the applet can make the applet's byte code undesirably lengthy, and can adversely affect the performance of the applet. Hence, signed applet support is not provided by all clients or servers.
Another digital signature system method requires the inclusion of a certification infrastructure in the browser application where an applet operates. However, many currently available browsers do not include this capability either. Thus, a method is needed to allow an application to access resources on computers other than the one it is retrieved from without the need for inclusion of a signature system in the client or the server.